#!/bin/sh
#note, root2user called via shutdownconfig, changes root to fido.
#110507 TaZOC bug fix.
#120201 rodin.s: internationalized.
#120323 replace 'xmessage' with 'pupmessage'.
#120409 if using minit instead of busybox init.
#130527 extract code that bumps user to root to script 'user2root'.
#130531 explain root, fido and spot.
#130601 offer run some internet apps as user 'spot'. see also usr/sbin/setup-spot and 3builddistro (in woof).
#130604 use actual names of executables, passed to setup-spot. multiple spot checkboxes.
#130723 pre-populate /root/.spot-status.
#130822 add firefox to run as spot. see also 3builddistro.

export TEXTDOMAIN=loginmanager
export TEXTDOMAINDIR=/usr/share/locale
export OUTPUT_CHARSET=UTF-8
. gettext.sh

HOMEUSER="`whoami`"
xHOMEUSER="$HOMEUSER"
[ "$HOMEUSER" = "root" ] && xHOMEUSER='administrator'

CHANGE2ROOT=""
if [ "$HOMEUSER" != "root" ];then
 CHANGE2ROOT="<text><label>$(gettext "You are currently running as 'fido', however, if you wish, you can change to the administrator (root) permanently on the next boot. Just tick this box and it will be so:")</label></text>
  <checkbox>
   <label>$(gettext 'Tick box to become administrator permanently')</label>
   <default>false</default>
   <variable>CHECKADMIN</variable>
  </checkbox>
  <hbox>
   <entry invisible_char=\"x\" visibility=\"false\">
    <variable>ADMINPASSWORD</variable>
   </entry>
   <text><label>$(gettext 'Type admin password here')</label></text>
  </hbox>
 <text><label>$(gettext 'This will take affect after reboot.')</label></text>
 "

fi

touch /root/.spot-status

MOREEXPERIMENT='
This feature has recently been introduced in the official Puppy.
If you would like to help out and add more apps to run as spot,
edit /root/.spot-status. For example, to add Sylpheed mail client,
insert a line "sylpheed=false". Then type "loginmanager" in a
terminal, and you will see the checkbox for sylpheed. Tick it,
click OK button, then see if sylpheed then runs as spot.
Note, /usr/sbin/loginmanager calls /usr/sbin/setup-spot to
setup sylpheed to run as spot, also to revert to root if you
untick the checkbox.
In some cases, setup-spot may need to be customised, as you
will see I have done for seamonkey.
If you are successful please let me know bkauler@gmail.com'
echo "xmessage -bg red -center 'NOT YET IMPLEMENTED${MOREEXPERIMENT}'" > /tmp/notyetimplemented
chmod 755 /tmp/notyetimplemented

if [ "$HOMEUSER" = "root" ];then #130601 130604

 #130723 pre-populate .spot-status... 130822 add firefox...
 for ONEAPP in seamonkey QtWeb opera firefox
 do
  [ "$(which ${ONEAPP})" = "" ] && continue
  [ "$(grep "${ONEAPP}" /root/.spot-status)" = "" ] && echo "${ONEAPP}=false" >> /root/.spot-status
 done

 SPOTCHECKS=''
 if [ -s /root/.spot-status ];then
  #organise checkboxes into 3 rows per column...
  SPOTCHECKS='<vbox>'
  CNT=0
  for ASPOTLIST in `cat /root/.spot-status`
  do
   [ ! "$ASPOTLIST" ] && continue
   CNT=`expr $CNT + 1`
   case $CNT in
    4) SPOTCHECKS="${SPOTCHECKS}</vbox><vbox>" ;;
    7) SPOTCHECKS="${SPOTCHECKS}</vbox><vbox>" ;;
    10) SPOTCHECKS="${SPOTCHECKS}</vbox><vbox>" ;;
   esac
   ANAME="`echo -n "$ASPOTLIST" | cut -f 1 -d '='`"
   AVALUE="`echo -n "$ASPOTLIST" | cut -f 2 -d '='`"
   SPOTCHECKS="${SPOTCHECKS}<checkbox><label>${ANAME}</label><variable>CHECK_${ANAME}</variable><default>${AVALUE}</default></checkbox>"
  done
  SPOTCHECKS="${SPOTCHECKS}</vbox>"
 fi

 SPOTLIST="
 <hbox>
  <vbox>
   <text width-chars=\"14\"><label>$(gettext 'Tick apps to run as spot:')</label></text>
  </vbox>
  ${SPOTCHECKS}
  <vbox><button><label>$(gettext 'More')</label><action>/tmp/notyetimplemented & </action></button></vbox>
 </hbox>
"
else
 SPOTLIST="<text use-markup=\"true\"><label>\"<b>$(gettext 'Disabled, as not logged in as administrator')</b>\"</label></text>"
fi

export MAIN_DIALOG="
<window title=\"Login and Security Manager\" icon-name=\"gtk-execute\" resizable=\"false\">
 <vbox>
  <text use-markup=\"true\"><label>\"<b>$(gettext 'Currently you are logged in as:') <big>${xHOMEUSER}</big></b>\"</label></text>
  
  <hbox>
   <pixmap><input file>/usr/share/doc/puppylogo96.png</input></pixmap>
   <frame administrator>
    <text><label>$(gettext "Puppy is structured in such a way that we consider running as administrator (also known as 'root') to be safe*, and is the choice of most users.")</label></text>
   </frame>
  </hbox>
  
  <hbox>
   <pixmap><input file>/root/spot/spot.png</input></pixmap>
   <frame spot>
    <vbox>
     <text><label>$(gettext "Logged in as administrator, it is possible to run some Internet applications as user 'spot'. This gives theoretical extra security.")</label></text>
     ${SPOTLIST}
    </vbox>
   </frame>
  </hbox>
  
  <hbox>
   <pixmap><input file>/usr/share/doc/fido96.png</input></pixmap>
   <frame fido>
    <vbox>
     <text><label>$(gettext 'Puppy only has one non-admin user, fido, as Puppy is not a multi-user system in the normal sense. Instead, individual session save-files can be set to root or fido as the user wishes (chosen at the time of creation of the save-file).')</label></text>
     ${CHANGE2ROOT}
    </vbox>
   </frame>
  </hbox>
  
  <hbox>
   <text><label>$(gettext 'Help:')</label></text>
   <button><input file>/usr/local/lib/X11/mini-icons/mini-question.xpm</input><action>basichtmlviewer file:///usr/share/doc/root.htm & </action></button>
   <text><label>$(gettext '*Legal:')</label></text>
   <button><input file>/usr/local/lib/X11/mini-icons/mini-question.xpm</input><action>basichtmlviewer file:///usr/share/doc/legal/puppy.htm & </action></button>
   <text><label>\"     \"</label></text>
   <button ok></button>
   <button cancel></button>
  </hbox>
 </vbox>
</window>
"


RETSTRING="`gtkdialog --program=MAIN_DIALOG --center`"
[ $? -ne 0 ] && exit

eval "$RETSTRING"
[ "$EXIT" != "OK" ] && exit

#if [ "$CHANGE2ROOT" != "" ];then
 if [ "$CHECKADMIN" = "true" ];then
  echo "$ADMINPASSWORD" | su root -c /usr/sbin/user2root #130527
  if [ $? -ne 0 ];then
   pupmessage -bg red -title "$(gettext 'LoginManager: error')" -center "$(gettext 'Sorry, admin password is wrong')"
   exit
  fi
 fi
#fi

if [ "$HOMEUSER" = "root" ];then #130604
 if [ -s /root/.spot-status ];then
  for ASPOTLIST in `echo "$RETSTRING" | grep '^CHECK_'`
  do
   ACHECKNAME="`echo -n "$ASPOTLIST" | cut -f 1 -d '='`"
   ANAME="`echo -n "$ACHECKNAME" | cut -f 2- -d '_'`"
   AVALUE="`echo -n "$ASPOTLIST" | cut -f 2 -d '"'`" #'geany
   ORIGVALUE="$(grep "^${ANAME}=" /root/.spot-status | cut -f 2 -d '=')"
   if [ "$AVALUE" != "$ORIGVALUE" ];then
    pupmessage -bg orange -title "$(gettext 'Security Manager:') ${ANAME}" "$(eval_gettext 'If ${ANAME} is running please exit it now, then click OK button...')"
    setup-spot "${ANAME}=${AVALUE}"
    case $AVALUE in
     true)
      extramsg=''
      case $ANAME in
       seamonkey)
        extramsg="
$(gettext 'Note also, the restrictions apply to all components of the SeaMonkey suite, including browser, Composer, address-book and ChatZilla.')" 
       ;;
      esac
      M_sm1="$(eval_gettext "The next time that you start \${ANAME}, it will run as user 'spot'.")

$(gettext 'Note, this restricts where you can download and save files to, and where they can be edited. You are restricted to /root/spot, and the default folder is /root/spot/Downloads.')

$(eval_gettext 'Note also, if you move or copy any files into /root/spot while ${ANAME} is running, you may be able to open but not edit them, as they may not have permissions/ownership rights for spot -- exiting and restarting ${ANAME} will automatically fix this.')
${extramsg}"
     ;;
     false)
      M_sm1="$(eval_gettext "The next time that you start \${ANAME}, it will run as the 'root' user (administrator).")

$(gettext 'Note, this gives you complete freedom to download, save and edit files anywhere in the system.')"
     ;;
    esac
    pupmessage -bg green -title "$(gettext 'Security Manager:') ${ANAME}" "$M_sm1"
   fi
  done
 fi
fi

###END###
